Check whitelist members only if environment is restricted

(ActionItem3191)

Check whitelist members only if environment is restricted
(ActionItem3191)
Joenio Costa
1 parent 3f489bc4
Showing 2 changed files with 14 additions and 2 deletions Show diff stats
app/controllers/application_controller.rb
test/functional/application_controller_test.rb
@@ -8,7 +8,7 @@ class ApplicationController &lt; ActionController::Base
   before_filter :init_noosfero_plugins
   before_filter :allow_cross_domain_access
   before_filter :login_required, :if => :private_environment?
-  before_filter :verify_members_whitelist, :if => :user
+  before_filter :verify_members_whitelist, :if => [:private_environment?, :user]
   def verify_members_whitelist
     render_access_denied unless user.is_admin? || environment.in_whitelist?(user)
@@ -564,9 +564,10 @@ class ApplicationControllerTest &lt; ActionController::TestCase
     assert_redirected_to :controller => 'account', :action => 'login'
   end
-  should 'do not allow member not included in whitelist to access an environment' do
+  should 'do not allow member not included in whitelist to access an restricted environment' do
     user = create_user
     e = Environment.default
+    e.enable(:restrict_to_members)
     e.members_whitelist_enabled = true
     e.save!
     login_as(user.login)
@@ -604,4 +605,15 @@ class ApplicationControllerTest &lt; ActionController::TestCase
     assert_response :success
   end
+  should 'not check whitelist members if the environment is not restrict to members' do
+    e = Environment.default
+    e.disable(:restrict_to_members)
+    e.members_whitelist_enabled = true
+    e.save!
+    @controller.expects(:verify_members_whitelist).never
+    login_as create_user.login
+    get :index
+    assert_response :success
+  end
+
 end
	@@ -8,7 +8,7 @@ class ApplicationController < ActionController::Base		@@ -8,7 +8,7 @@ class ApplicationController < ActionController::Base
8	before_filter :init_noosfero_plugins	8	before_filter :init_noosfero_plugins
9	before_filter :allow_cross_domain_access	9	before_filter :allow_cross_domain_access
10	before_filter :login_required, :if => :private_environment?	10	before_filter :login_required, :if => :private_environment?
11	- before_filter :verify_members_whitelist, :if => :user	11	+ before_filter :verify_members_whitelist, :if => [:private_environment?, :user]
12		12
13	def verify_members_whitelist	13	def verify_members_whitelist
14	render_access_denied unless user.is_admin? \|\| environment.in_whitelist?(user)	14	render_access_denied unless user.is_admin? \|\| environment.in_whitelist?(user)
	@@ -564,9 +564,10 @@ class ApplicationControllerTest < ActionController::TestCase		@@ -564,9 +564,10 @@ class ApplicationControllerTest < ActionController::TestCase
564	assert_redirected_to :controller => 'account', :action => 'login'	564	assert_redirected_to :controller => 'account', :action => 'login'
565	end	565	end
566		566
567	- should 'do not allow member not included in whitelist to access an environment' do	567	+ should 'do not allow member not included in whitelist to access an restricted environment' do
568	user = create_user	568	user = create_user
569	e = Environment.default	569	e = Environment.default
		570	+ e.enable(:restrict_to_members)
570	e.members_whitelist_enabled = true	571	e.members_whitelist_enabled = true
571	e.save!	572	e.save!
572	login_as(user.login)	573	login_as(user.login)
	@@ -604,4 +605,15 @@ class ApplicationControllerTest < ActionController::TestCase		@@ -604,4 +605,15 @@ class ApplicationControllerTest < ActionController::TestCase
604	assert_response :success	605	assert_response :success
605	end	606	end
606		607
		608	+ should 'not check whitelist members if the environment is not restrict to members' do
		609	+ e = Environment.default
		610	+ e.disable(:restrict_to_members)
		611	+ e.members_whitelist_enabled = true
		612	+ e.save!
		613	+ @controller.expects(:verify_members_whitelist).never
		614	+ login_as create_user.login
		615	+ get :index
		616	+ assert_response :success
		617	+ end
		618	+
607	end	619	end